Get the latest news right in your inbox
Timestamps are one of the most widely used mechanisms today to secure digital transactions and guarantee their originality. Both as a cryptographic method and as a model for sealing sensitive documents, timestamp certificates have become a crucial tool in today's economy.
The digital world has brought with it great changes in the way and methods in which we handle information and documents, as well as other types of operations that need to be recorded. In this context, time-stamping has emerged as an essential tool to guarantee the integrity and authenticity of data in electronic format.
In this article, we explore in depth the concept of time-stamping, its various types, applications, and its legal basis with the aim of shedding light on this essential technique in today's digital economy where trusted services are indispensable and mandatory.
What is a timestamp?
A timestamp is a timestamp that is intertwined with a set of data to certify when it was last created or modified (or as a total record of interactions prior to the timestamp). It is a kind of "electronic seal" with digital and cryptographic content that acts as an independent witness to when a specific event related to the information in question occurred. The time-stamping system or provider that performs the process is decisive as a mediating and independent authority.
Time stamps play a fundamental role in ensuring the integrity and authenticity of data online or contained in a static digital file, although it is especially relevant in critical transactions where an accurate record of the date and time of events such as banking transactions or the signing of a contract is required.
What does timestamping mean?
Timestamping is a process by which the data of the time stamp (the timestamp) is encrypted together with the data of information in digital format. After this, a certificate is issued that endorses, communicates, and supports this process. The timestamp is generated using cryptographic algorithms that ensure its immutability.
Time stamping has a concrete meaning in the field of data security and authenticity, especially in what we know as qualified trust services or RegTech techniques. It means that, in a world where information can be easily manipulated, it is possible to have irrefutable evidence of when a digital file was created or modified. This is especially valuable in legal, financial, or business situations where an accurate record of time is needed.
Time-stamping is based on sound cryptographic principles (with advanced blockchain technologies) and is used to prevent tampering of digital documents, making it an essential tool for online trust.
Time Stamping Authorities (TSA) and protocols
Also known as timestamping, timestamping is a standard described by the Network Working Group in RFC 3161 (with a 256-bit hash algorithm) and fully recognized worldwide both in the more "analog" economy and in the new digital processes and standards for secure, trusted electronic transactions.
The TSA (Timestamping Authority) acts as a provider of electronic certification and trust services by providing a hash of a document or digital information whose fingerprint verifies the date and time of its creation or last modification.
When the process is performed with qualified time stamping means we talk about QTSA (Qualified Time Stamp Authority) and qualified time stamps with trusted third parties.
Types of timestamping and timestamping
As impartial authorities, time-stamping providers guarantee that the information contained in these digital files cannot be altered and that in case of duplications or modifications, there will be a record of these. In this way, time stamping is a great ally of the electronic signature as it is integrated into more than one aspect of it.
Time-stamping is performed through the application of public key infrastructure (PKI) technologies with encryption and decryption. E2E rules are applied when this is modified or made available to legitimate parties and owners of the information present in different locations (or with different sessions on devices connected through the Internet).
It is also very important to understand the difference between time stamping and time stamping (or time stamping). With different techniques and complementary legal assurance, they are systems that impact data in different ways:
- Timestamp: The timestamp does not necessarily have to be stamped with a cryptographic process that works according to both legal and technical standards. That is, the time reference is generated but not stamped according to specific requirements.
- Time stamping: Time stamping is the process that assigns the time reference according to the supplier as a trusted third party and its policies agreed with the agencies that give it the status of authority, providing impartiality.
In this way, we see how time stamps create great legal guarantees in all types of operations and public and private transactions, including administrative ones. This gives total reliability to an execution, online signature, or operation either through the Internet or in person (although digital devices must be used to make this seal, since in a paper document other types of measures are used to ensure this type of time stamps, less reliable and more vulnerable).
Although, as we have seen, time stamping is based on a source of temporal information linked to a coordinated universal time as defined by the NWG standard, there are different types of time stamping. Each with its own specific characteristics and is created with slightly different methods (or variations thereof depending on the use case) although they respond to eIDAS standards and other international regulations. The main types include:
- Simple Time Stamping: Simple time stamping uses a reliable time source, such as a time server, to generate a time stamp in a simple and straightforward method with simple techniques.
- Qualified Time Stamping: Qualified time stamps are the most secure and reliable type. It is based on a digital certificate issued by a Qualified Time Stamping Authority (QTSA) recognized by public institutions that give it the status of a trusted service provider. This guarantees the authenticity and integrity of the time stamp with the support of the current legal standard.
- Blockchain-Based Time Stamping: This approach uses state-of-the-art blockchain technology (some are configured to use superior cryptographic algorithms trained by ML) to record timestamps. It is highly tamper-resistant and is suitable for applications where a high level of security is required.
- Distributed Time Stamping: Instead of relying on a centralized time source, distributed time stamping relies on multiple time sources dispersed in the network, which makes it more resistant to failures and attacks. However, it is much more difficult to create and is not widely used.
- Electronic Time Stamping: This type refers to the use of time stamps in the field of electronic signatures and is essential to guarantee the authenticity of digitally signed documents. It is more a nomenclature than a type, although this denomination is currently widely used due to the rise of the essential digital signature.
Qualified time stamping
A qualified timestamp is one that complies with the standards and requirements established by the most demanding regulation in the region that applies the process, such as the European Union's eIDAS Regulation. This implies that the timestamp has been issued by a duly accredited Time Stamping Authority (TSA) and has been generated using secure cryptographic algorithms defined in the standards.
The qualification of a time stamp ensures its legal recognition in markets such as the EU and its usefulness in critical situations, such as the presentation of evidence in court in major disputes.
Steps to seal a quick time-stamped document
Stamping a document involves attaching a time stamp to that digital document or set of electronic data (can be done with any type of file, including videos and photographs) to certify its existence at a specific point in time on a specific date and time. This is achieved by following these steps:
- Document Preparation: The document to be sealed must be ready in digital format. In case of data or other information, it should be packaged to be understood as a whole.
- Selection of the TSA: Choice of a qualified and trusted Time Stamping Authority (TSA) or a qualified trusted service provider offering this same service in-house or through partners.
- Information Capture: The TSA or electronic signature system takes the information to be sealed, such as a digital document or data set.
- Time Stamp Generation: The document is sent to the TSA or is done by your online e-signature service. The TSA will generate a qualified timestamp and return it along with the corresponding certificate to the trusted signature and service provider.
- Hashing: A cryptographic hash function is applied to the information to create a unique, fixed value that represents the original data. This value is known as a "hash digest."
- Attach the Stamp: The system embeds the time stamp into the digital document by connecting end-to-end with the TSA. This can be done automatically (with RPA connectors) or manually, depending on the tool used.
- Optional Verification: It may be useful to verify the time stamp to ensure its authenticity using the TSA public key. Many trusted service providers perform this for their customers in the system before signing.
- Digital Signature: The hash digest is digitally signed with the TSA private key, thus creating the time stamp. This process is linked to the electronic signature of documents in the case of online signature platforms.
- Certification: The timestamp is attached to a digital certificate that contains information about the TSA and its public key. This certificate is what makes the seal qualified. This can be reflected in the audit report of some electronic signature applications and platforms.
- Secure Storage: The timestamp and certificate are securely stored in accordance with GDPR standards, and the resulting information is provided to the requesting or signing parties to an agreement.
Timestamps in electronic signatures
Electronic signatures have reinvented the way we conduct transactions and agreements both in person and remotely. However, the reliability of an electronic signature depends to a large extent on the integrity of the signed documents. Time stamps play a key role in this context.
A timestamp is used in the electronic signature to guarantee that a signed document is immutable and has not been modified since the moment of signing. The same for transactions and operations occurring from the time the email or message with the digital signature request is sent until it returns to the requester with the recipient's signature, everything must be recorded with full traceability, which implies sequential timestamps according to the phases of the electronic signature process. This is crucial to validate the authenticity of the signature in the future, especially in legal situations.
In Europe, there are standards such as TS 101 733 and TS 101 903 that are linked with the ES-T and ES-C variants to add time stamps and information through querying certificate revocation lists and OCSP templates. This exempts the recipient from checking the validity of a certificate that may transition from the certification service provider.
Thus, time stamping in digital signatures ensures that the parties involved can trust the integrity of documents and online transactions, which is essential for the widespread adoption of electronic solutions in the business and legal environment. Electronic signature and digital transaction regulations define how time stamps and digital signatures should interact with each other.
Time stamps and certificates
A time-stamping certificate is an essential piece of the qualified time-stamping process. It is a digital medium that contains vital information about the Time Stamping Authority (TSA) and its public key. It can be linked to the audit report of an electronic signature process or independently as an evidentiary document. This certificate plays a key role in verifying the authenticity of a qualified time stamp.
A time-stamping certificate generally contains the following elements:
- TSA Name: The name and identification of the Time Stamping Authority that issued the certificate. In some cases, evidentiary data beyond the name is included.
- TSA Public Key: The TSA public key, which is used to verify the digital signature of TSA-issued time stamps.
- Validity Period: The start and end date of the certificate's validity.
- Serial Number: A unique number that uniquely identifies the certificate.
- Time Stamping Policy: The policies and procedures that TSA follows when issuing time stamps as well as their adaptation to the regulatory framework of the market where the stamping has been performed.
Verification of a time stamp certificate is essential to confirm the authenticity of a qualified time stamp. To do this, make sure you have access to the time stamp certificate that corresponds to the stamp you wish to verify.
Online verification can be performed: through the online services offered by the TSA that allow you to verify the authenticity of a time stamp using its certificate. Simply enter the stamp and certificate into the TSA's online verification tool and check the data.
If a more manual verification is chosen, digital certificate verification software from an associated cryptographic technology provider can be used. You can import the certificate and timestamp into the tool and verify that the digital signature on the timestamp matches the TSA public key. It is not an official confirmation but it is very complicated that if it matches it is not a time stamping performed correctly and securely, especially in the case of electronic signatures compliant with eIDAS standards. Successful verification of the timestamp certificate guarantees that the timestamp is genuine and complies with security standards.
Time stamping use cases and applications
Time stamping has a wide variety of applications in diverse industries and environments for all areas of business and in commercial operations of all types, as well as in the field of public administrations. Some of the most common use cases include:
- Electronic Legal Contracts: In the legal area, electronic contracts are already a standard that enjoys greater validity in court than most traditional signature methods. Time stamping is used to ensure that digitally signed contracts are immutable and have not been modified since signing. The same is true for electronic invoicing as well as for login and secure access traces according to PSD2/SCA standards.
- Intellectual Property Registration: To protect copyrights and inventions, time stamping is applied to certify when a work, trademark, or invention was first created.
- Document Archiving: In business and government, time-stamping is used to archive important information such as financial and medical records (books), ensuring their integrity over time. This extends to gambling for both gambling and brokers in the stock market as well as for electronic records or orders.
- Evidence in Litigation: In court cases, time stamping can be used as evidence to prove the authenticity of documents and digital records in case of dispute. In this situation, it is always linked to the exercise of the electronic signature. It is a use case related to electronic visas or digital voting, already implemented in many cities by local governments.
- Supply Chain Security: In the manufacturing and logistics industry, time stamping is used to track and verify the authenticity of products and components throughout the supply chain.
Legal basis for time-stamping: eIDAS, EU and trust services
Regulation plays an indisputable role in the validation and acceptance of time stamps in the legal and commercial spheres. In the European Union, the eIDAS (Electronic Identification and Trust Services for Electronic Transactions in the Internal Market) Regulation establishes a solid legal framework for trust services, including time-stamping among them and defining how it should be applied together with electronic signatures.
This provides a harmonized framework for qualified time stamps by establishing the standards and requirements that Time-Stamping Authorities (TSAs) and providers must meet in order to apply them. For example, the time stamp must be, at a minimum, signed with an advanced electronic signature or advanced electronic seal. This is described in Article 42 of the European standard and gives official organizations the ability to offer the services in conjunction with or distinct from the digital signature.
The same standard recognizes that qualified time stamps in electronic format are legal evidence in legal proceedings in any of the countries of the European Union and all those that choose to regulate their electronic transaction standards using the pioneering eIDAS. A perfect legal protection at regional and international level.